lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060618225854.21247.qmail@securityfocus.com>
Date: 18 Jun 2006 22:58:54 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Dragons Kingdom v1.0 - XSS & cookie disclosure


Dragons Kingdom Script v1.0

Homepage:
http://www.dkscript.com/

Affected files:

*Sending mail:
- Sending in-game mail


*Character Profiles:
- All input boxes of the profile


* Posting & Replying in the forum:
- Posting in the forum
- Replying in the forum

* Form spoofing can occur in:
- Profile input boxes
- Posting in the msgboard
- Sening in-game mail.

* Gambling Den:
- High or low game.

* Exploring
- Using the compass
---------------------------------------------

XSS vuln with cookie disclosure when sending in-game mail:

User data isn't sanatized before being generated. 

For a PoC send someone a mail that says:

<IMG SRC=javascript:alert('XSS')>

Screenshots:
http://www.youfucktard.com/xsp/dragking1.jpg
http://www.youfucktard.com/xsp/dragking2.jpg

Displaying our cookie:
http://www.youfucktard.com/xsp/dragking3.jpg
--------------------------------------------
XSS vulns with cookie disclosure in character profiles:

The form for editing your player profile can be spoofed to increase the maxchar limit to create our xss example.

Vulnerable profile input boxes:

- Gender
- Country/Location
- MSN Messenger
- AOL IM
- Yahoo IM
- ICQ

Screenshots:
http://www.youfucktard.com/xsp/dragking4.jpg
http://www.youfucktard.com/xsp/dragking5.jpg
------------------------------------------
XSS vuln when posting in the forum or replying:

User data isn't sanatized before being generated. 

For a PoC put the code below as your forum topic or msg:
<IMG SRC=javascript:alert('XSS')>

Also works when replying to msgs.


PoC screenshots:
http://www.youfucktard.com/xsp/dragking6.jpg
http://www.youfucktard.com/xsp/dragking7.jpg

--------------------------------------------

Gambling Den bet bypass:

It seems if you don't like your first card you got, you can refresh the screen and another random card will appear on screen. This makes it very easy to guess & cheat at this game.

------------------------------------------

Exploring bypass:

If you just want to power level and don't want to wait for the compass to load you can use the link below. You'll stay on the same tile, but fatique will increase like you're moving, and mobs will attack you.

http://www.example.com/index.php?do=move&setdir=North&getkey=1&pK=North
----------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ